After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 407274 - Entering relative R1C1 reference in GoTo dialog or selection descriptor causes crash
Entering relative R1C1 reference in GoTo dialog or selection descriptor cause...
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: GUI
git master
Other All
: Normal critical
: ---
Assigned To: Jody Goldberg
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2007-02-12 23:24 UTC by Oliver Burnett-Hall
Modified: 2007-02-13 17:28 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Fix for crash from relative R1C1 references (374 bytes, patch)
2007-02-12 23:25 UTC, Oliver Burnett-Hall 		none Details | Review

Description Oliver Burnett-Hall 2007-02-12 23:24:57 UTC 
Using R1C1-style relative references in the GoTo dialog or the selection
descriptor is not handled correctly and can cause a crash.

A relative reference is treated like an absolute reference, with the
square brackets being ignored.  For example, entering R[1]C[1] will make
R1C1 the active cell, not the cell one row below and one row to the
right of the current cell.

Worse, if negative offsets are given Gnumeric will crash.  Here's
an example backtrace, after entering 'R[-2]C1' in the selection
descriptor:

Program received signal SIGSEGV, Segmentation fault.

+ Trace 110246

Thread NaN (LWP 14272)

  • #0 scg_make_cell_visible
    at sheet-control-gui.c line 1019
  • #1 scg_make_cell_visible_virt
    at sheet-control-gui.c line 1047
  • #2 sc_make_cell_visible
    at sheet-control.c line 110
  • #3 sv_make_cell_visible
    at sheet-view.c line 339
  • #4 wb_control_parse_and_jump
    at workbook-control.c line 260
  • #5 cb_statusbox_activate
    at workbook-control-gui.c line 1460
  • #6 g_cclosure_marshal_VOID__VOID
    from /usr/lib/libgobject-2.0.so.0
  • #7 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #8 ??
    from /usr/lib/libgobject-2.0.so.0
  • #9 ??
  • #10 ??
  • #11 ??
  • #12 ??
  • #13 ??
  • #14 ?? 

Avoiding the segfault is one line fix (see patch), but this doesn't fix the underlying problem, with the references being interpreted as absolute values.  I've spent a while trying to work out how to do this, but have ended up a bit lost in value_new_cellrange_str() and parser.y.  It would probably help if I knew how to program in either C or yacc :)
Comment 1 Oliver Burnett-Hall 2007-02-12 23:25:44 UTC 
Created attachment 82431 [details] [review]
Fix for crash from relative R1C1 references
Comment 2 Morten Welinder 2007-02-13 16:41:49 UTC 
Confirmed.  I am not sure what a relative location entered up there should
mean -- what is it relative to?

But it clearly shouldn't crash.
Comment 3 Morten Welinder 2007-02-13 17:14:13 UTC 
Fixed in the development version. The fix will be available in the next major release. Thank you for your bug report.
Comment 4 Oliver Burnett-Hall 2007-02-13 17:28:16 UTC 
(In reply to comment #2)
> Confirmed.  I am not sure what a relative location entered up there should
> mean -- what is it relative to?

Relative to the currently active cell.  That's what Excel does anyway -- if R3C3 is active and you enter R[2]C[-1] then it will change the selection to be R5C2.  This is only very occasionally useful.